CVE-2024-42812

CRITICAL

CVSS v3

9.8

CRITICAL

EPSS Score

28.3%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.

Technical Details

Published
8/19/2024

Frequently Asked Questions

What is CVE-2024-42812?

In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.

Is CVE-2024-42812 actively exploited?

Active exploitation of CVE-2024-42812 has not been confirmed. The EPSS score is 28.3%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2024-42812?

CVE-2024-42812 has a CVSS v3 base score of 9.8 (CRITICAL severity).

Is CVE-2024-42812 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.